1. Click Forbes link
2. Get blank page where ad should be and "Continue to site" link
3. Click continue
4. Get request to turn off ad blocker
5. Laugh that I can't remember that Forbes blocks ad blockers
6. Google the headline
7. Read the story someplace else
I really want a plug that will let me mark sites like Forbes and then decorate any links to it indicating I've already decided I don't want to go there. This way Forbes doesn't even get a +1 visit from me. I've had this thought several times over the last few months so last night I started work on a Chrome plugin that takes a regex pattern and css styles, finds the pattern in the markup and then applies the css to the first visible element containing the pattern. I'm hoping it will be useful for more than just reminding myself to not click links.
My favorite part of their anti-adblocker approach was when I actually disabled my blocker and ran into a hilarious "ad-light"[0] experience that was so ad-heavy I immediately gave up and found somewhere else to read an article. Countless "sponsored" article links, old-timey banner ads, and 75% of the visible page devoted to items other than content.
Every time I reached the Forbes website I was really wondering if there is any option to hide a website from Google search results. So, I would like to never have any result from forbes.com (even if I search forbes). Do you know if there are Chrome Extensions or settings you can turn on in Google Search to hide certain websites?
1. Open Forbes link in a new tab
2. Get redirected to completely blank page with only /welcome/ in the URL path
3. Temporarily enabling JavaScript for its domain and reloading won't help, since it lost the original URL and I don't remember where I got the link, so I don't even try
4. Give up and close the tab
For most sites where JavaScript is required, temporarily enabling (uBlock origin advanced mode) and reloading is enough. Forbes is the only one I recall which completely loses the URL in the redirect.
I once disabled something in by adblocker that prevented Forbes from knowing I had an adblocker. Basically, you only allow that one adblocker detector to come through.
Of course it is not like I remember what it was, but I don't have to bother with Forbes anymore.
What cheeses me off is that I get blocked from many sites just for using FlashBlock. I'm not blocking all ads, I'm just using a "disable flash by default and enable manually if necessary".
IMO, this is the biggest issue facing ad providers today.
I get the anti-ad blocker complaints - there are a lot of sites that depend entirely upon advertising revenue for their continued existence. And this isn't just crappy blogmills - even a company like the New York Times doesn't make enough money from subscriptions alone to continue operating without advertising of some sort.
Maybe there's a different model out there but as far as I'm aware no-one has found it yet, and in the mean time I'm quite prepared to tolerate advertising on web sites in return for the content I get. I'll even tolerate a pre-roll ad or a full-screen takeover before I get to a page every now and then - but there's a line. The mild end of it (for me) is ads clearly intended to make you click by accident, and the severe end of it is malware like this. And in my experience it's on the rise.
By all means implore your users to turn off their ad blockers. But clean house first and make sure you know what you're serving. The real problem is that it's borderline impossible for anyone to do so, given how many reseller networks exist out there these days. I often see people say that sites should arrange and sell their own advertising - but the reality is there's no money in it. Selling yourself out to the Google ad behemoth is often the only way out.
I think most people, with a little education, are reasonable when it comes to ads. I know I was. Most of my computers didn't block ads or scripts. You can try to be nice but the ad makers have escalated things to the point that you have to respond. It's like content creators these days are so upset about ad-blocking that they feel they have to lash out with ads at the people that don't block. I went to some random Linux Q&A forum and had to force-quit my browser because the ads brought the browser to a standstill; all tabs were frozen. I consider ads that crash or force me to close my browser as an act of violence. Nobody in their right mind wants to subject themselves to that, regardless of their opinion of ad-blocking.
"Maybe there's a different model out there but as far as I'm aware no-one has found it yet"
Sure they have. Sites just need to host the ads natively instead of outsourcing that responsibility. But they don't want to do that, because they don't want to take on that responsibility.
A company I founded, Publir, is working on a new model here -- well behaved ads for anonymous users, microsubscriptions via Stripe to eliminate ads client-side for devoted readers.
Turns out that eliminating ads in the client upon payment is actually quite difficult to do with good hygeine; ad networks are very sensitive to "fraud." Now that we have a good solution, we're pretty excited about it.
>Maybe there's a different model out there but as far as I'm aware no-one has found it yet
You could try Google Contributor. It shows you pictures of cats instead of ads, and let's you give a couple pennies to the website. It's not 100% but it's something different.
For me, the breaking point were ads that expanded to fill the screen, or that autoplayed something loud. I hated searching a page for the little ad that was blasting me in the ears. Then, once you realize that seeing ads is actually a choice, why would you ever go back?
"We need you!" or "We're better now!" is a hard sell after all of that brutal, personal experience.
I'm willing to compromise on web advertising, but not while this is possible. I don't understand why on Earth ad networks, and more importantly content publishers, allow arbitrary Javascript and Flash through their networks and onto their websites. You as a content publisher are not allowed to compromise your users' security, full stop. You are responsible for any compromises that come through your website. Until content publishers get that through their thick fucking skulls, I will continue to use an ad blocker and strongly recommend them to everyone I know. I would rather all ad-supported businesses fail than allow this malware to continue be distributed.
Google is largely responsible for the situation we're now in. As the largest provider of ads on the web, they regularly turn a blind eye to malware advertising served by their network.
They simply do not take malware seriously. They continually let it exist on their ad network. As a publisher that uses Adsense I find this extremely frustrating. As example: I've spent quite a bit of time attempting to block ads that lead to the "ask.com toolbar." These are always deceptive. They confuse my visitors and then I hear about it.
Additionally ads where the only text is "Download Now" or "Read Your Private Messages" are clearly deceptive. And yet they're allowed.
There are so many easy ways Google could improve the situation. And yet, they don't. This is a serious problem, and it is only going to get worse until Google responds appropriately.
The problem isn't Google or DoubleClick; it's a structural problem with the ad industry.
Most sites that serve ads can't sell all their inventory directly, so they fill their remaining impressions with ad networks, who sell bulk inventory space. Those ad networks have the same economic limitations from selling all their inventory, so they need to sell _their_ remaining impressions to another network. And so on down the line.
All it takes is for one ad network to get a little loose with their serving policy for a malware provider to make an in. And I can't think of a way for an upstream ad network (or even DoubleClick) to ban malware, without tracking down that errant provider. You can't blacklist a domain, because usually the ad network hosts the ad itself. And like it or not, ads have to run Javascript or Flash.
It's a crappy situation to be in, but it's not any one actor's fault (except for the malware advertiser), and the fix isn't easy or else someone would have thought of it.
Because it may not be obvious, this article is from early January. A number of different sites reported on these incidents back when they happened. Here are a few examples:
Publishers should look to Stack Overflow and be inspired to run ads of high quality and relevance[0].
Throw out the ad networks, tracking, and reject rich media ads. Instead focus on high value ads that align well with your readership and manually verify the quality of these ads. If publishers do this I am willing to turn of my ad blocker.
Seems to me this functionality could be wrapped up in a web proxy. The proxy can pretend to allow all the ads, and simply drop them on the way to clients. Of course this doesn't deal with the issue of ads soaking up a bunch of bandwidth.
I get tired of installing ad blockers on every machine/device in the house, and on some machines use multiple different browsers -- I'm suffering from blocker installation fatigue.
I understand everyone's frustration around this issue, I hate site that block adblocker users as well. However, this article is an example of unethical journalism.
TL;DR
Article says "Well, how about they start treating their ad inventory with at least a percentage of the care with which they treat their content?"
The researcher who discovered the issue says "Forbes almost immediately reached out and we started a dialog. We shared logs, events, and descriptions of the ad."
In contrast, when the researcher reached out the correct the Engadget article that started this and quoted him, he got no response.
I remember thinking this was suspicious. I remember about three months ago I added a bunch of known malware sites to my hostfile so that I wouldn't give them traffic, and I couldn't get to Forbes.
Wow, the language, "hold their content hostage". I hate ads probably more than most[1], but still, if Forbes doesn't want to give up their articles without fair compensation, that's their prerogative. They're not taking hostages.
I noticed there are a lot more sites that can detect Ad Blockers. They hassle you about disabling the blocker.
Why not just make the ad inline into the content of the page. It would speed up the site as you would not have to make all the extra connections to these ad networks via thirdparty javascript.
Ad networks don't want to trust publishers to accurately report page hits with inline images, they also would presumably like to be able to track users and serve up "tailored" ads, which they can't really do if they don't get any information on the user before serving the ad.
I'm not sure why one of these big sites haven't been hit with a class action lawsuit... the website is responsible for the content it delivers... period. Especially when they force users to disable their ad blockers.
It seems to me, that someone who got an $xxx ransomware, or paid the nerd herd to remove malware from their computers could be the base of a class action lawsuit... That's what it will take to get this crap to change is to actually hold one of these larger media sites responsible.
Agreed. If Forbes is serving malware to visitors who have complied with its instruction to turn off their adblockers, and if those visitors suffer damages due to malware served through Forbes, you'd think there's the basis for at least individual suits against Forbes, maybe class action.
One argument is that Forbes has a duty of care and the ability to prevent serving damaging malware to its compliant invitees (visitors). They're in breach of that duty, so maybe damages for negligence?
What bothers me in the ad blocker debate is that publishers want me to turn it off so I can see the ads.
Not click on them, just see them. Even though I never click on any ads, they still consider it valuable to subliminally influence me into wanting stuff I don't want.
To me, this is even shittier than forcing me to click on an ad before giving me the content. But to also serve me malware... is beyond shitty, it's dangerous.
Content is cheap these days. There's too much of it out there, high quality and free. In fact, I wouldn't mind if there were less content produced on the Internet.
I know that the content that is really valuable will still stay and all the bullshit that needs ads to stay afloat will disappear.
Forbes with malware? No, thanks.
For me the rule of thumb is this - if you need me to turn off my ad blocker, then I don't need your content.
I use Steven Blacks hosts script[1] and every time I see Forbes paywall, I just leave. If the article is that important, some other outlet will cover the news.
I run both AdBlock and Ghostery. I experienced the same interstitial as every one, was particularly interested in the article headline, disabled AdBlock, reloaded the page, still blocked, disabled Ghostery, reload the page, worked.
Ghostery disabled, it initially reported that about 60 trackers loaded in the page which then quickly turned to 97 to then reach more than 110 trackers.
Yesterday I tried to read a Forbes article on my mobile. It presented me with the banner asking me to turn ad-blocker off (which I haven't installed). I reloaded the page and was faced with pop-ups claiming I had won free Amazon products.
If you're interested in mobile ad blocking (if you're concerned about the security of your mobile device, you should be), uBlock Origin works very well in Firefox for Android. I strongly recommend you install it before your device is compromised.
[+] [-] ikeboy|10 years ago|reply
[+] [-] georgespencer|10 years ago|reply
1. Click Forbes link 2. Get blank page where ad should be and "Continue to site" link 3. Click continue 4. Get request to turn off ad blocker 5. Laugh that I can't remember that Forbes blocks ad blockers 6. Google the headline 7. Read the story someplace else
Hope that helps.
[+] [-] jasonkostempski|10 years ago|reply
[+] [-] mmoche|10 years ago|reply
[0]https://twitter.com/mmoche/status/710167616535531520
[+] [-] ultramancool|10 years ago|reply
1. Install https://github.com/reek/anti-adblock-killer
2. Laugh maniacally.
[+] [-] XCSme|10 years ago|reply
[+] [-] ZeroGravitas|10 years ago|reply
[+] [-] cesarb|10 years ago|reply
1. Open Forbes link in a new tab 2. Get redirected to completely blank page with only /welcome/ in the URL path 3. Temporarily enabling JavaScript for its domain and reloading won't help, since it lost the original URL and I don't remember where I got the link, so I don't even try 4. Give up and close the tab
For most sites where JavaScript is required, temporarily enabling (uBlock origin advanced mode) and reloading is enough. Forbes is the only one I recall which completely loses the URL in the redirect.
[+] [-] ikeboy|10 years ago|reply
[+] [-] baldfat|10 years ago|reply
I use w3m
[+] [-] nashashmi|10 years ago|reply
Of course it is not like I remember what it was, but I don't have to bother with Forbes anymore.
[+] [-] Pxtl|10 years ago|reply
[+] [-] Aelinsaar|10 years ago|reply
[+] [-] untog|10 years ago|reply
I get the anti-ad blocker complaints - there are a lot of sites that depend entirely upon advertising revenue for their continued existence. And this isn't just crappy blogmills - even a company like the New York Times doesn't make enough money from subscriptions alone to continue operating without advertising of some sort.
Maybe there's a different model out there but as far as I'm aware no-one has found it yet, and in the mean time I'm quite prepared to tolerate advertising on web sites in return for the content I get. I'll even tolerate a pre-roll ad or a full-screen takeover before I get to a page every now and then - but there's a line. The mild end of it (for me) is ads clearly intended to make you click by accident, and the severe end of it is malware like this. And in my experience it's on the rise.
By all means implore your users to turn off their ad blockers. But clean house first and make sure you know what you're serving. The real problem is that it's borderline impossible for anyone to do so, given how many reseller networks exist out there these days. I often see people say that sites should arrange and sell their own advertising - but the reality is there's no money in it. Selling yourself out to the Google ad behemoth is often the only way out.
[+] [-] hexagonc|10 years ago|reply
[+] [-] uptown|10 years ago|reply
Sure they have. Sites just need to host the ads natively instead of outsourcing that responsibility. But they don't want to do that, because they don't want to take on that responsibility.
[+] [-] malchow|10 years ago|reply
Turns out that eliminating ads in the client upon payment is actually quite difficult to do with good hygeine; ad networks are very sensitive to "fraud." Now that we have a good solution, we're pretty excited about it.
[+] [-] bduerst|10 years ago|reply
You could try Google Contributor. It shows you pictures of cats instead of ads, and let's you give a couple pennies to the website. It's not 100% but it's something different.
[+] [-] Aelinsaar|10 years ago|reply
"We need you!" or "We're better now!" is a hard sell after all of that brutal, personal experience.
[+] [-] cm2187|10 years ago|reply
[+] [-] coldpie|10 years ago|reply
[+] [-] JacobJans|10 years ago|reply
They simply do not take malware seriously. They continually let it exist on their ad network. As a publisher that uses Adsense I find this extremely frustrating. As example: I've spent quite a bit of time attempting to block ads that lead to the "ask.com toolbar." These are always deceptive. They confuse my visitors and then I hear about it.
Additionally ads where the only text is "Download Now" or "Read Your Private Messages" are clearly deceptive. And yet they're allowed.
There are so many easy ways Google could improve the situation. And yet, they don't. This is a serious problem, and it is only going to get worse until Google responds appropriately.
[+] [-] morley|10 years ago|reply
Most sites that serve ads can't sell all their inventory directly, so they fill their remaining impressions with ad networks, who sell bulk inventory space. Those ad networks have the same economic limitations from selling all their inventory, so they need to sell _their_ remaining impressions to another network. And so on down the line.
All it takes is for one ad network to get a little loose with their serving policy for a malware provider to make an in. And I can't think of a way for an upstream ad network (or even DoubleClick) to ban malware, without tracking down that errant provider. You can't blacklist a domain, because usually the ad network hosts the ad itself. And like it or not, ads have to run Javascript or Flash.
It's a crappy situation to be in, but it's not any one actor's fault (except for the malware advertiser), and the fix isn't easy or else someone would have thought of it.
[+] [-] coldpie|10 years ago|reply
[+] [-] davesque|10 years ago|reply
http://www.engadget.com/2016/01/08/you-say-advertising-i-say...
http://www.extremetech.com/internet/220696-forbes-forces-rea...
http://www.networkworld.com/article/3021113/security/forbes-...
[+] [-] lowestkey|10 years ago|reply
[+] [-] shkkmo|10 years ago|reply
https://news.ycombinator.com/item?id=11455718
[+] [-] K0nserv|10 years ago|reply
Publishers should look to Stack Overflow and be inspired to run ads of high quality and relevance[0].
Throw out the ad networks, tracking, and reject rich media ads. Instead focus on high value ads that align well with your readership and manually verify the quality of these ads. If publishers do this I am willing to turn of my ad blocker.
0: https://blog.stackoverflow.com/2016/02/why-stack-overflow-do...
[+] [-] ktRolster|10 years ago|reply
[+] [-] ArtDev|10 years ago|reply
[+] [-] dbcurtis|10 years ago|reply
I get tired of installing ad blockers on every machine/device in the house, and on some machines use multiple different browsers -- I'm suffering from blocker installation fatigue.
[+] [-] gnodar|10 years ago|reply
[+] [-] itslennysfault|10 years ago|reply
[+] [-] xori|10 years ago|reply
http://www.ghettoforensics.com/2016/03/of-malware-and-adware...
[+] [-] shkkmo|10 years ago|reply
TL;DR
Article says "Well, how about they start treating their ad inventory with at least a percentage of the care with which they treat their content?"
The researcher who discovered the issue says "Forbes almost immediately reached out and we started a dialog. We shared logs, events, and descriptions of the ad."
In contrast, when the researcher reached out the correct the Engadget article that started this and quoted him, he got no response.
[+] [-] jessriedel|10 years ago|reply
[+] [-] tombert|10 years ago|reply
Funny, too, because I don't even use Ad-block.
[+] [-] SCAQTony|10 years ago|reply
[+] [-] jordigh|10 years ago|reply
--
[1] https://news.ycombinator.com/item?id=10939083
[+] [-] tmaly|10 years ago|reply
Why not just make the ad inline into the content of the page. It would speed up the site as you would not have to make all the extra connections to these ad networks via thirdparty javascript.
[+] [-] flying_kangaroo|10 years ago|reply
[+] [-] tracker1|10 years ago|reply
It seems to me, that someone who got an $xxx ransomware, or paid the nerd herd to remove malware from their computers could be the base of a class action lawsuit... That's what it will take to get this crap to change is to actually hold one of these larger media sites responsible.
[+] [-] ridgeguy|10 years ago|reply
One argument is that Forbes has a duty of care and the ability to prevent serving damaging malware to its compliant invitees (visitors). They're in breach of that duty, so maybe damages for negligence?
[+] [-] ihsw|10 years ago|reply
[+] [-] justsaysmthng|10 years ago|reply
Not click on them, just see them. Even though I never click on any ads, they still consider it valuable to subliminally influence me into wanting stuff I don't want.
To me, this is even shittier than forcing me to click on an ad before giving me the content. But to also serve me malware... is beyond shitty, it's dangerous.
Content is cheap these days. There's too much of it out there, high quality and free. In fact, I wouldn't mind if there were less content produced on the Internet.
I know that the content that is really valuable will still stay and all the bullshit that needs ads to stay afloat will disappear.
Forbes with malware? No, thanks.
For me the rule of thumb is this - if you need me to turn off my ad blocker, then I don't need your content.
[+] [-] joeblau|10 years ago|reply
[1] - https://github.com/StevenBlack/hosts
[+] [-] http-teapot|10 years ago|reply
Ghostery disabled, it initially reported that about 60 trackers loaded in the page which then quickly turned to 97 to then reach more than 110 trackers.
I highly recommend installing Ghostery.
https://twitter.com/teapot/status/707016161234276352 https://twitter.com/teapot/status/707016382286680066
[+] [-] barretts|10 years ago|reply
[+] [-] oli5679|10 years ago|reply
[+] [-] coldpie|10 years ago|reply